The move towards containerized technologies such as Docker for creating and scaling applications is great for development times but presents challenges for enterprises when it comes to keeping apps secure.
Unveiling a security suite designed to give enterprises the visibility and control they need over their container-based applications and data, Twistlock aims to maintain security and maximize efficiency and portability.
Lenovo seems to be having a bad year. It hasn’t been long since the largest PC vendor was caught shipping its laptops with "Superfish" adware, and now we’re learning about some new vulnerabilities found in its computers. But before you slam your fist on your computer desk in dismay, the good news is that Lenovo has the patch ready, and you can download it right away.
Security firm IOActive reports vulnerabilities in Lenovo’s system update file. In a report titled "Lenovo’s System Update Uses a Predictable Security Token", the firm notes (PDF) that these vulnerabilities could allow hackers to bypass validation checks, replace legitimate Lenovo applications with malicious programs, and remotely run programs.
The French government has voted in favor of greater powers of surveillance, giving it intelligence-gathering capabilities on a par with the NSA. The move came in the wake of the Charlie Hebdo attack which led to the deaths of 12 people and prompted the Je Suis Charlie support campaign.
The new laws allow for NSA-style mass collection of metadata online as well as setting up the National Commission for Control of Intelligence Techniques (CNCTR) to oversee data collection. It has been criticized by some as being the French equivalent of the Patriot Act and the ruling Socialist Party is accused of prying too far into the private lives of normal people in the name of counter-terrorism.
Viruses can be a serious problem and they take myriad forms. Viruses have become increasingly sophisticated over the years, particularly in the methods used to try to evade detection. Now Cisco's Talos security researchers have discovered Rombertik, which goes to extraordinary lengths to avoid analysis.
Researchers managed to reverse-engineer the virus and found "multiple layers of obfuscation and anti-analysis functionality". One sample was found to include code that would destroy the MBR of the host computer if analysis or debugging is attempted.
As apps and commerce increasingly move online, they provide a tempting target for hackers. It's important that websites are properly tested for vulnerabilities, but this can be a time-consuming process and many smaller organizations lack the resources and expertise to do it themselves.
High-Tech Bridge's ImmuniWeb offers a fresh approach to website vulnerability assessment. It uses a hybrid approach combining automated testing with the skills of security professionals.
Microsoft values its customers’ security, and it wants them to know that. The company announces its plans to frequently update Windows 10-powered desktops, laptops, phones, and tablets. At the Ignite 2015 event, the company says that it will be pushing security updates every day instead of delivering them once a month.
Home users will be getting updates more often than ever, Windows chief Terry Myerson notes. Businesses, however, will remain on their monthly cycle -- popularly known as Patch Tuesday -- as the company plans to first test the updates with home users and ensure that the code isn’t breaking anything. Sounds reasonable.
Since the dawn of the digital age, we’ve signed up to the password, trusting in its ability to keep our digital lives safe from thieves and those who would mean us harm.
Moore’s law tells us that every two years computing power doubles -- meaning every two years the amount of time it takes to crack a password using a brute force attack decreases considerably. It’s now reached the point where a password can be cracked in minutes, sometimes in as little as just six seconds. Six seconds to potentially lose your entire digital life.
We’ve come a long way since 2000. Just think, the only way most people could get online was by hooking up their computers to a phone line or an Ethernet cable. It might surprise you to know then, that the first portable computers were released way back before we learned to unshackle ourselves from all of those annoying cables. The first laptops were released in the 1980s and one of the first was Apple’s Macintosh Portable, weighing in at a lap-crushing 7kg. It’s safe to say we’ve come a long way since that inauspicious beginning.
Although Wi-Fi has been around since 1985, it was only in the 2000s that it became increasingly popular. Today, Wi-Fi is an integral part of our lives, and is often the first thing that we ask for when checking in at a hotel, or going for a coffee. I’ve even heard children as young as six or seven demanding a Wi-Fi connection whilst at a hotel!
This past week a very large corporation on the east coast was hacked in what seems to naive old me to be a new way -- through its corporate phone system. Then one night during the same week I got a call from my bank saying my account had been compromised and to press #4 to talk to its security department. My account was fine: it was a telephone-based phishing expedition. Our phone network has been compromised, folks, and nobody with a phone is safe.
Edward Snowden was right: we’re not secure, though this time I don’t think the National Security Agency is involved.
Google's Android operating system has matured over the past couple of years. Lollipop -- the latest update -- added fresh paint to give the mobile OS more elegance and provided sophisticated encryption options to make things more secure. But in all these years, Google Play Store -- the marquee Android app store -- has largely remained free from any substantial improvement. In the past, we’ve witnessed plenty of cases where prominently showcased apps in Play Store have been found to be malicious or riddled with adult content and spying elements. So it didn't come as a big surprise when this past week a new study uncovered many more such dubious activities. This time, however, we're looking at apps that many of you are likely using on your devices.
Security researchers from Eurecom tested the top apps from all 25 categories -- summing up to about 2,000 apps -- and found that many of these were connecting to tracking and advertisement websites. Furthermore, many of these apps were pinging even more dubious portals. What’s even more striking is that the owners of these devices have no idea about the activities happening behind the curtain.
WikiLeaks prides itself on bringing information to public attention that might otherwise stay hidden. In order to get this information out in the open, the organization is reliant on a wide range of sources. The sort of stories which WikiLeaks deals with would often not come to light if those breaking the stories could not be guaranteed anonymity.
A few days ago the Sun newspaper revealed that it was using SecureDrop as a way for people to give anonymous tips about stories, and it was touted at the time as being a WikiLeaks-style tool. Now Julian Assange has announced that WikiLeaks has upgraded its own submission tool to offer even greater security.
Mozilla plans to phase out HTTP support in Firefox, in a push to make browsing more secure. The organization wants websites to go all-in with HTTPS, revealing that it will leverage access to some of its browser's features and make proposals to the World Wide Web Consortium to get the ball rolling.
Mozilla's move may be seen as a way to strong-arm lots of website administrators into supporting HTTPS, as, after all, Firefox is the third most-popular browser today, with a desktop usage share of 11.7 percent. The protocol requires the purchase of a certificate, increasing website running costs, which can become a problem for smaller businesses.
Antivirus software produced by Qihoo 360 has been stripped of awards by three leading security testers after it was found to have cheated. AV‐Comparatives, AV‐TEST and Virus Bulletin discovered that Chinese company Qihoo 360 submitted one version of its software for testing, but then released a different one.
The publicly released version of the software had a key virus detection engine disabled, resulting in a lower level of protection for users. As a result of the findings, the security testing bodies are not only revoking any awards given to the software this year, but also calling for greater transparency so consumers know what they are getting.
Adobe Reader 10 has 39 vulnerabilities and is unpatched on 65 percent of private PCs in the US, whilst Adobe Reader 11 with a 55 percent market share has 40 vulnerabilities and remains unpatched on 18 percent of machines.
This is one of the findings of the latest Secunia country report. Additional findings show that 14 percent of PC users in the US (up from 12.9 percent last quarter) have an unpatched operating system, and that Oracle Java once again tops the list of applications exposing PCs to security risks.
Google is life. Well, not really, but for some people it kind of is. For many of us, a Gmail account became a gateway to an entire Google lifestyle. One password logs us into numerous services, which is super convenient, but also quite scary. Over time, it is easy to let your guard down and fall for phishing sites that pretend to be a legit Google login. If your Google credentials are intercepted, you are going to have a bad time.
Today, however, the search giant releases an open source Chrome browser extension aimed at thwarting these stinky phishing goons. Called "Password Alert", it will hopefully protect your credentials and keep the sun shining on planet Google.